/// <summary>
/// Populates the managed IPsec security association from the native details structure.
/// </summary>
/// <param name="details">The native SA details structure to read from.</param>
/// <param name="get_filter">Callback that converts the native transport filter into a FirewallFilter; only invoked when a transport filter pointer is present.</param>
internal IPsecSecurityAssociation(IPSEC_SA_DETAILS1 details, Func<FWPM_FILTER0, FirewallFilter> get_filter)
{
    var traffic = details.traffic;

    Direction = details.saDirection;
    LocalEndpoint = FirewallUtils.GetEndpoint(
        traffic.ipVersion, traffic.localAddrV4, traffic.localAddrV6, traffic.localPort);
    RemoteEndpoint = FirewallUtils.GetEndpoint(
        traffic.ipVersion, traffic.remoteAddrV4, traffic.remoteAddrV6, traffic.remotePort);
    IpProtocol = (ProtocolType)traffic.ipProtocol;
    LocalIfLuid = traffic.localIfLuid;
    RealIfProfileId = traffic.realIfProfileId;
    TrafficType = traffic.trafficType;
    TrafficTypeId = traffic.trafficTypeId;

    // The transport filter is optional: it is only dereferenced when the pointer is non-zero.
    if (details.transportFilter != IntPtr.Zero)
    {
        var native_filter = details.transportFilter.ReadStruct<FWPM_FILTER0>();
        TransportFilter = get_filter(native_filter);
    }

    Bundle = new IPsecSecurityAssociationBundle(details.saBundle);

    // NOTE(review): unlike transportFilter, virtualIfTunnelInfo is read without a zero check.
    // Confirm that ReadStruct tolerates an empty value or that the field is always populated.
    var tunnel_info = details.virtualIfTunnelInfo.ReadStruct<IPSEC_VIRTUAL_IF_TUNNEL_INFO0>();
    VirtualIfTunnelId = tunnel_info.virtualIfTunnelId;
    TrafficSelectorId = tunnel_info.trafficSelectorId;

    // UDP encapsulation ports are only read for IPv4 associations.
    // NOTE(review): udpEncapsulation is also read without a zero check; verify it is
    // always set for V4 entries before relying on these ports.
    if (details.ipVersion == FirewallIpVersion.V4)
    {
        var encapsulation = details.udpEncapsulation.ReadStruct<IPSEC_V4_UDP_ENCAPSULATION0>();
        LocalUdpEncapPort = encapsulation.localUdpEncapPort;
        RemoteUdpEncapPort = encapsulation.remoteUdpEncapPort;
    }
}
/// <summary>
/// Populates the field description from the native FWPM_FIELD0 structure.
/// </summary>
/// <param name="field">The native field structure to read from.</param>
internal FirewallField(FWPM_FIELD0 field)
{
    // A key that cannot be read is represented as Guid.Empty rather than null.
    var field_key = FirewallUtils.ReadGuid(field.fieldKey);
    Key = field_key ?? Guid.Empty;

    // The display name is looked up from the condition GUID table using the stored key.
    var condition_names = NamedGuidDictionary.ConditionGuids.Value;
    KeyName = condition_names.GetName(Key);

    Type = field.type;
    DataType = field.dataType;
}
/// <summary>
/// Populates the managed IKE security association from the native details structure.
/// </summary>
/// <param name="sa_details">The native IKE SA details structure to read from.</param>
internal IkeSecurityAssociation(IKEEXT_SA_DETAILS1 sa_details)
{
    var traffic = sa_details.ikeTraffic;
    var proposal = sa_details.ikeProposal;
    var cipher = proposal.cipherAlgorithm;

    Id = sa_details.saId;
    KeyModuleType = sa_details.keyModuleType;
    LocalAddress = FirewallUtils.GetAddress(traffic.ipVersion, traffic.localAddress);
    RemoteAddress = FirewallUtils.GetAddress(traffic.ipVersion, traffic.remoteAddress);
    InitiatorCookie = sa_details.cookiePair.initiator;
    ResponderCookie = sa_details.cookiePair.responder;
    IkePolicyKey = sa_details.ikePolicyKey;
    VirtualIfTunnelId = sa_details.virtualIfTunnelId;
    CorrelationKey = sa_details.correlationKey.ToArray();

    // Negotiated proposal parameters.
    CipherAlgorithm = cipher.algoIdentifier;
    KeyLength = cipher.keyLen;
    Rounds = cipher.rounds;
    IntegrityAlgorithm = proposal.integrityAlgorithm.algoIdentifier;
    MaxLifetime = proposal.maxLifetimeSeconds;
    DiffieHellmanGroup = proposal.dhGroup;
    QuickModeLimit = proposal.quickModeLimit;

    var credentials = new List<IkeCredentialPair>();
    var credential_count = sa_details.ikeCredentials.numCredentials;
    if (credential_count > 0)
    {
        // The buffer wraps the native credentials pointer and is created with the last
        // argument set to false, so presumably it does not take ownership of the memory
        // (confirm against SafeHGlobalBuffer). Initialize sizes it to credential_count
        // elements before the array is read.
        // NOTE(review): credential_count comes straight from the native structure; the
        // read trusts that the pointer really covers that many entries.
        var native_buffer = new SafeHGlobalBuffer(sa_details.ikeCredentials.credentials, 1, false);
        native_buffer.Initialize<IKEEXT_CREDENTIAL_PAIR1>((uint)credential_count);
        var native_pairs = native_buffer.ReadArray<IKEEXT_CREDENTIAL_PAIR1>(0, credential_count);
        foreach (var native_pair in native_pairs)
        {
            credentials.Add(new IkeCredentialPair(native_pair));
        }
    }

    // Exposed as a read-only view; the list is empty when no credentials were reported.
    Credentials = credentials.AsReadOnly();
}
/// <summary>
/// Populates the callout description from the native FWPM_CALLOUT0 structure.
/// </summary>
/// <param name="callout">The native callout structure to read from.</param>
/// <param name="engine">The firewall engine, passed through to the base constructor.</param>
/// <param name="get_sd">Callback used to query the security descriptor, passed through to the base constructor.</param>
internal FirewallCallout(
    FWPM_CALLOUT0 callout,
    FirewallEngine engine,
    Func<SecurityInformation, bool, NtResult<SecurityDescriptor>> get_sd)
    : base(
        callout.calloutKey,
        callout.displayData,
        NamedGuidDictionary.CalloutGuids.Value,
        engine,
        get_sd)
{
    Flags = callout.flags;
    ProviderData = callout.providerData.ToArray();

    // A provider key that cannot be read is represented as Guid.Empty rather than null.
    var provider_key = FirewallUtils.ReadGuid(callout.providerKey);
    ProviderKey = provider_key ?? Guid.Empty;

    ApplicableLayer = callout.applicableLayer;
    CalloutId = callout.calloutId;
}
/// <summary>
/// Creates the NT type definitions for the firewall and firewall filter object types.
/// </summary>
/// <returns>An array holding the two type definitions, firewall first and filter second.</returns>
public override IEnumerable<NtType> CreateTypes()
{
    // Each type uses its own generic mapping and access-rights enum; both are
    // declared with the NoWriteUp mandatory label policy.
    NtType firewall_type = new NtType(
        FirewallUtils.FIREWALL_NT_TYPE_NAME,
        FirewallUtils.GetGenericMapping(),
        typeof(FirewallAccessRights),
        typeof(FirewallAccessRights),
        MandatoryLabelPolicy.NoWriteUp);

    NtType filter_type = new NtType(
        FirewallUtils.FIREWALL_FILTER_NT_TYPE_NAME,
        FirewallUtils.GetFilterGenericMapping(),
        typeof(FirewallFilterAccessRights),
        typeof(FirewallFilterAccessRights),
        MandatoryLabelPolicy.NoWriteUp);

    return new NtType[] { firewall_type, filter_type };
}
/// <summary>
/// Populates the ALE endpoint description from the native endpoint properties structure.
/// </summary>
/// <param name="ep">The native ALE endpoint properties to read from.</param>
internal FirewallAleEndpoint(FWPS_ALE_ENDPOINT_PROPERTIES0 ep)
{
    var ip_version = ep.ipVersion;

    EndpointId = ep.endpointId;
    LocalEndpoint = FirewallUtils.GetEndpoint(ip_version, ep.localAddress, ep.localPort);
    RemoteEndpoint = FirewallUtils.GetEndpoint(ip_version, ep.remoteAddress, ep.remotePort);
    IpProtocol = (ProtocolType)ep.ipProtocol;
    LocalTokenModifiedId = new Luid(ep.localTokenModifiedId);
    MmSaId = ep.mmSaId;
    QmSaId = ep.qmSaId;
    IPsecStatus = ep.ipsecStatus;
    Flags = ep.flags;

    // The application ID blob is decoded as UTF-16 and trailing NUL characters are removed.
    // NOTE(review): only trailing NULs are stripped; an embedded NUL would stay in the
    // string, which matters if AppId is later compared or logged as a path.
    var app_id_bytes = ep.appId.ToArray();
    var app_id_text = Encoding.Unicode.GetString(app_id_bytes);
    AppId = app_id_text.TrimEnd('\0');
}
/// <summary>
/// Populates the common network event fields from the native event header.
/// </summary>
/// <param name="net_event">The native network event wrapper supplying the type and header.</param>
private protected FirewallNetEvent(IFwNetEvent net_event)
{
    Type = net_event.Type;

    var hdr = net_event.Header;
    Flags = hdr.flags;

    // The header timestamp is converted through LargeInteger to a DateTime.
    // NOTE(review): the resulting DateTime kind (UTC or local) is not visible here;
    // confirm before correlating with other log sources.
    var raw_timestamp = hdr.timeStamp.ToInt64();
    Timestamp = new LargeInteger(raw_timestamp).ToDateTime();

    IPProtocol = (ProtocolType)hdr.ipProtocol;
    LocalEndpoint = FirewallUtils.GetEndpoint(
        hdr.ipVersion, hdr.localAddrV4, hdr.localAddrV6, hdr.localPort);
    RemoteEndpoint = FirewallUtils.GetEndpoint(
        hdr.ipVersion, hdr.remoteAddrV4, hdr.remoteAddrV6, hdr.remotePort);
    ScopeId = hdr.scopeId;

    // The application ID blob is decoded as UTF-16 and trailing NUL characters are removed.
    var app_id_bytes = hdr.appId.ToArray();
    AppId = Encoding.Unicode.GetString(app_id_bytes).TrimEnd('\0');

    // Both SIDs are parsed with the second argument false and unwrapped with
    // GetResultOrDefault, so presumably a failed parse yields the default value
    // instead of throwing. Consumers should expect UserId and PackageSid may be unset.
    var user_sid = Sid.Parse(hdr.userId, false);
    UserId = user_sid.GetResultOrDefault();
    AddressFamily = hdr.addressFamily;
    var package_sid = Sid.Parse(hdr.packageSid, false);
    PackageSid = package_sid.GetResultOrDefault();
}
/// <summary>
/// Constructor. Resolves the ALE layer to its layer GUID and delegates to the GUID-based constructor.
/// </summary>
/// <param name="ale_layer">The ALE layer type.</param>
public FirewallFilterEnumTemplate(FirewallAleLayer ale_layer)
    : this(FirewallUtils.GetLayerGuidForAleLayer(ale_layer))
{
}
/// <summary>
/// Add an executable filename condition.
/// </summary>
/// <remarks>
/// The filename is converted to an application ID and added through AddAppId.
/// NOTE(review): the conversion is done by FirewallUtils.GetAppIdFromFileName, which is not
/// shown here; confirm how relative or non-existent paths are handled before relying on the
/// condition to match the intended executable.
/// </remarks>
/// <param name="match_type">The match type for the condition.</param>
/// <param name="filename">The path to the file to use.</param>
public void AddFilename(FirewallMatchType match_type, string filename)
{
    var app_id = FirewallUtils.GetAppIdFromFileName(filename);
    AddAppId(match_type, app_id);
}